The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-12.

Impact

The vulnerability can be exploited by sending the cgi.rb library a crafted HTTP request with multipart MIME encoding that contains a malformed MIME boundary specifier. Successful exploitation of the vulnerability causes the library to go into an infinite loop.